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Amendments to the Specification 

Please replace the paragraph that begins on Page 4, line 1 3 and carries over to Page 5, line 2 with 
the following marked-up replacement paragraph: 

~ Tn some applications, it is important to speed up computation of the PRBG function. 
One possible way to do this is to restrict its input to small values of x. Let B be an integer bound, 
and assume that x must be less than B for the PRBG function y = G** mod P. ft appears to be 
reasonable to assume that computing the discrete logarithm of y is still hard, even knowing that x 
is less than some value B. Indeed, it has been demonstrated that the running time of the index 
calculus method depends only on the size N of the whole group ZP*- Depending on the size of 
B, different methods for computing the inverse of function f may actually be more efficient 
[[that]] than the index calculus method. For example, the so-called "baby-step, giant-step" 
algorithm or the "rho" or "lambda" algorithms can compute the discrete logarithm of y in time 
proportional to the square root of B. But if B is chosen large enough (e.g. if B is approximately 
log A 2 N bits Jong), then this is still too much time to be considered computationally feasible and 
thus provides a secure PRBG. — 

Please replace the paragraph that begins on Page 18, line 12 and carries over to Page 19, line 7 
with the following marked-up replacement paragraph: 

— It can be demonstrated that the computation of mod P with a short exponent* as 
disclosed herein, requires roughly (L5 log [[x]] 2^x) modular multiplications; when x is limited 
to 1 60 bits, as discussed above, this is equivalent to (1 .5 * 160) or 240 modular multiplications. 
Contrast this to the cost of the Patel-Sundararn generator, where the same number of pseudo- 
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random bits would cost (1*5 *N)or 1 536 modular multiplications. The modular multiplications 
are the most expensive operation in the PRBG of the present invention. Because the modular 
exponentiations are computed over the same (fixed) basis G A , the powers of can be 
precompiled and stored in a table to enable more quickly computing some particular G^x. If a 
table T stores values for G A (2 A i) mod P 5 where i takes on the integer values from 0 through C, 
then on average (.5 * C) multiplications are required for computing G A for a random C-btt 
exponent. The table requires on the order of (C * N) hits of memory. By using a prccomputation 
table of this type, the PRBG of the preferred embodiment requires a table of size (160 * 1024) 
bite or 20 kilobytes, and the function G A x can be computed with only (.5 * 160) = 80 
multiplications. (As previously discussed, the precomputation tables of Peralta and of Pate) - 
Sundaram are 1 megabit tables. Thus, the present invention provides advantages in terms of 
reduced storage requirements as contrasted to those prior art PRBGs*) 

Please replace the paragraph on Page 20, lines 3-17 with the following marked-up replacement 
paragraph: 

™ Refer to Figs. 3 and 4 for an illustration of operation of a preferred embodiment of the 
PRBG of the present invention. As has been stated, the PRBG input of the present invention is 
significantly shorter than the number of output bits generated per iteration. Fig 3 illustrates a 
single iteration of a preferred embodiment of the PRBG, using a 160-bit input value x, which is 
processed by the PRBG algorithm f(x) = G A x mod P to yield 1024 bits. From these 1 024 
generated bits, 160 are selected as input to the next iteration and [[860]] 864 are used as pseudo- 
random output bits. Note that the 160 selected bits are not required to be the top-most bits, nor 
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are they required to be contiguous: various selection techniques may be used without deviating 
from the scope of the present invention. Fig. 4 illustrates use of multiple iterations of the PRBG 
to generate a sequence of pseudo-random output bits. At each iteration, the [[860]] 864 output 
bits are used in forming the output sequence, preferably by concatenating the groups of bits to the 
output sequence of a prior iteration. The iteration may be repeated as necessary, depending on 
the requirements of an application for which the PRBG is operating. (Typically, this PRBG will 
be used with encryption applications, for example to generate keying material, although this is 
for purposes of illustration and not of limitation.) — 
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